hax0r or prankster? aojon.com reported attack site

CPW-Carl

Hmm, lulz or hax?

What is the current listing status for aojon.com?
Site is listed as suspicious - visiting this website may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 6 pages that we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2009-08-08, and the last time that suspicious content was found on this site was on 2009-08-05. Malicious software is hosted on 1 domain(s), including xb8.ru/.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).
 


What is the current listing status for aojon.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 6 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-08, and the last time suspicious content was found on this site was on 2009-08-05. Malicious software is hosted on 1 domain(s), including xb8.ru/.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, aojon.com did not appear to function as an intermediary for the infection of any sites.
 
It's simply possible that the site was a victim of one of those iframe injection attacks, and when logged by Google it gets flagged as a malicious site for having the known malware URL embedded. But even when removed, you have to submit to Google to notify them that the site has been cleaned before Google, Safari, Firefox and so forth will stop warning about the site.
 
^^^ This. End of story.
 
It happened to me. When I went through the website I found a malevolent script and also an iframe injection script. I removed those and resubmitted to Google (you need to use the "request a review" function in Google Webmaster Tools).
 
That iFrame attack shit is nuts. Makes me thankful I recently switched to a Mac for development. I'd be in so much shit if that happened with all the client FTP info I have saved away.

Well, one of the surefire ways to prevent the iframe stuff is:

1) Keep your antivirus up to date
AND
2) Avoid using FTP; use SSH/SCP instead if you can. Most of the trojans that capture your login do so by monitoring the FTP stream.

Most of the time the easiest fix (if WordPress) is to simply remove all the files and re-upload with a new batch of files. As long as the database info remains the same, everything else should be fine (of course, you may need to back up your uploaded media content).